ioc[.]one - OSINT Cyber Threat Intelligence Database

Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation

Tags

cmtmf-attack-pattern:	Masquerading
country:	Kazakhstan Poland Russia Syria Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Bash History - T1552.003 Defacement - T1491 Email Addresses - T1589.002 Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Social Media Accounts - T1585.001 Social Media Accounts - T1586.001 Software - T1592.002 Windows Service - T1543.003 Trap - T1546.005 Tool - T1588.002 Vulnerabilities - T1588.006 Bash History - T1139 Installutil - T1118 Masquerading - T1036 Powershell - T1086 Trap - T1154 Masquerading

Show in Graph

Common Information

Type	Value
UUID	1c0b6611-bfd3-4031-a4c2-3e8588ed0981
Fingerprint	3556b89904258381
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 21, 2022, 3:14 p.m.
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Vulnerability Information
Title	Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
Detected Hints/Tags/Attributes	132/4/20

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	119	yandex.ru
Details	Domain	1174	gmail.com
Details	Domain	372	wscript.shell
Details	Email	1	wbgroup022@gmail.com
Details	Email	1	whiteblackgroup002@gmail.com
Details	File	70	e.doc
Details	File	9	nmddfrqqrbyjeygggda.vbs
Details	File	11	advancedrun.exe
Details	File	118	sc.exe
Details	File	3	%temp%\advancedrun.exe
Details	File	1	c:\windows\system32 \sc.exe
Details	File	1208	powershell.exe
Details	File	83	installutil.exe
Details	File	1	installerutil.exe
Details	md5	5	78c855a088924e92a7f60d661c3d1845
Details	sha256	20	a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
Details	sha256	21	dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
Details	sha256	12	923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6
Details	sha256	12	9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
Details	sha256	9	34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907